Appl. No. 10/608,491 
Amdt. Dated 12/30/2008 

Response to Final Office Action dated 1 1/14/2008 

REMARKS 

No claims have been amended. No claims have been cancelled, and no new claims have 
been added. Claims 1-27 were earlier withdrawn. Claims 28-44 are pending. 

Claim Rejections - 35 USC § 102(e) 

The Examiner rejected claims 36-37 and 39-41 under 35 USC § 102(e) as anticipated by 
Tuomenoksa (US 7,181,542). This rejection is respectfully traversed. 

In the initial statement of this rejection, the Final Office Action mistakenly includes 
claims 42-43 and excludes claim 41. However, the substance of the rejection and the 35 USC § 
103(a) rejection make it clear that claim 41 is included in this rejection and that claims 43 and 43 
are not include in this rejection. 

Claims 36 and 39 are independent. The remainder of the claims in this rejection depend 
on claims 36 or 39. 

We respectfully remind the Examiner that to make an anticipation rejection, each and 
every one of the limitations recited in the claims must be disclosed in the cited reference. 
Moreover, the Federal Circuit has recently expounded that an anticipatory reference must 
disclose "not only all of the limitations claimed but also all of the limitations arranged or 
combined in the same way as recited in the claim". Net Moneyln, Inc. v. Verisign, Inc. 545 F.3d 
1359, 1370, 1371 (Fed. Cir. 2008) 

Tuomenoksa discloses that a client may "establish a connection via a tunnel of the 
gateway 1610 to the network operation center 610." (Tuomenoksa 31:14-16) Tuomenoksa 
discloses that "the gateway 1610 may send to the tunnel interface module 1630 [of the network 
operation center 610] an initiation message". (Tuomenoksa 30:45-47) Tuomenoksa further 
discloses that "[t]he gateway 610 may include a TCP tunnel driver ... and a virtual device 
adapter that functions as a virtual network interface card for recognizing a virtual IP address 
corresponding to the gateway 1610." (Tuomenoksa 29:59-65) 
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More simply, Tuomenoksa discloses that a client may communicate with a network 
operations center through a gateway and that there is a tunnel between the gateway and the 
network operations center. However, Tuomenoksa does not disclose what is claimed. 

Claim 36 recites "the second computing device receiving over a second network 
incoming data units directed to the network interface of the network device" and "forwarding the 
incoming data units to the first computing device via the communication channel". We assert 
that Tuomenoksa does not teach that incoming data units are directed to the network interface of 
the network device and that the incoming data units are forwarded to the first computing device 
as claimed. 

The Examiner cites col. 31, lines 14-23 as teaching these limitations. However, the cited 
portion of Tuomenoksa teaches that multiple clients may communicate over gateway 1610 via 
one or more tunnels with network operations center 610. There is no teaching in Tuomenoksa of 
"receiving over a second network incoming data units directed to the network interface of the 
network device" and "forwarding the incoming data units to the first computing device via the 
communication channel". As claimed, the network device is included in the second computing 
device. In contrast, Tuomenoksa teaches a client may communicate over gateway via a tunnel 
with the network operations center. Assuming that the gateway is the second computing device 
and the network operations center is the first computing device, there is no teaching in 
Tuomenoksa of "incoming data units directed to the network interface of the network device" of 
the gateway that are forwarded to the network operations center. That Tuomenoksa teaches that 
a client accesses a tunnel to the network operation center through the gateway does not teach 
"incoming data units directed to the network interface of the network device" of the gateway that 
are forwarded to the network operations center. There is no teaching that the data units are 
"directed to the network interface of the network device" included in the second computing 
device. 

The analysis of claim 36 also applies to claim 39. 
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In addition, as to claim 39, the cited portions of Tuomenoksa fail to disclose what is 
claimed. As to teaching a network testing system, there is no teaching of the claimed "network 
testing system having a processor, a memory, an operating system, and at least one network 
card". The teachings of at col. 21, lines 1-4 of Tuomenoksa are merely steps taken to "determine 
whether the gateway is accessible behind a firewall". That the actions recited maybe performed 
by a network testing system does not allow for the conclusion that the cited portion teaches the 
elements of the claimed network testing system. Moreover, the description of hardware devices 
applicable to the teaching of Tuomenoksa at col. 7, lines 31-38 make clear that a network testing 
system is not included in the disclosure. Tuomenoksa does not teach the network testing system 
as claimed. 

As set forth in this section, Tuomenoksa fails to disclose all of the limitations recited in 
claims 36 and 39. Therefore, claims 36 and 39 are patentable over Tuomenoksa. 

As to claims 37 and 40, claim 37 recites "the second computing device receiving via the 
communication channel outgoing data unit requests from the first computing device, the outgoing 
data unit requests including an identifier of a specified network interface" and "the second 
computing device transmitting outgoing data units pursuant to the outgoing data unit requests 
onto the second network via the specified network interface". Similarly, claim 40 recites "the 
network testing system receiving via the communication channel outgoing data unit requests 
from the computing device, the outgoing data unit requests including an identifier of a specified 
network interface associated with one or more network devices included in the network card" 
and "the network testing system transmitting outgoing data units pursuant to the outgoing data 
unit requests onto the second network via the specified network interface.". 

The Examiner asserts that the limitations from claims 37 and 40 are taught by 
Tuomenoksa at col. 10, lines 17-31 and at col. 8, lines 55-67. However, the teaching at col. 10, 
lines 17-31 is of a control system that enables an encrypted flow of information between two 
gateways by exchanging control and/or monitoring information. This portion of Tuomenoksa 
does not teach outgoing data unit requests as claimed. Specifically, this does not teach "the 
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second computing device receiving via the communication channel outgoing data unit requests 
from the first computing device . . . including an identifier of a specified network interface" or 
"the network testing system receiving via the communication channel outgoing data unit requests 
from the computing device . . . including an identifier of a specified network interface associated 
with one or more network devices included in the network card" as recited in claims 37 and 40. 

And the teaching at col. 8, lines 55-67 is of a control system that manages three tunnels 
the first tunnel between a first gateway and the control system, the second tunnel between a 
second gateway and the control system, and the third tunnel apparently between the first gateway 
and the second gateway according to a partner list for each of the first gateway and the second 
gateway. This portion of Tuomenoksa does not teach the claimed outgoing data unit requests. 
Specifically, this portion of Tuomenoksa does not teach "the second computing device 
transmitting outgoing data units pursuant to the outgoing data unit requests onto the second 
network via the specified network interface" and "the network testing system transmitting 
outgoing data units pursuant to the outgoing data unit requests onto the second network via the 
specified network interface." as recited in claims 37 and 40. 

As set forth in the prior two paragraphs, claims 37 and 40 are patentable over 
Tuomenoksa. 

Moreover, all claims depending on independent claims 36, and 39 are patentable over 
Tuomenoksa by virtue of their dependency on the independent claims. 

Claim Rejections - 35 USC § 103(a) 

A. The Examiner rejected claims 42-44 under 35 USC § 103(a) as rendered obvious by 
Tuomenoksa. This rejection is respectfully traversed. 

Claim 42 is patentable over Tuomenoksa for the reasons set forth above regarding the § 
102 anticipation rejection of claim 39. Therefore, claims 42 and all claims dependent thereon are 
patentable over Tuomenoksa. 
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B. The Examiner rejected claims 28-35 under 35 USC § 103(a) as rendered obvious by 
Tuomenoksa in view of Aysan (US 7,379,465) and Archaya (US 6,894,999). This rejection is 
respectfully traversed. 

Claims 28 and 32 are independent. The remainder of the claims in this rejection depend 
on claims 28 or 32. 

As to claims 28 and 32, these claims recite a first computing device and a second 
computing device performing recited actions. However, the cited portions of Tuomenoksa fail to 
disclose two computing devices performing the recited actions. In contrast, Tuomenoksa 
requires a third processor to orchestrate the relationship between the other two processors. See 
Tuomenoksa col. 3, lines 41-59. 

Tuomenoksa does not disclose the claimed first computing device and the second 
computing device acting as claimed. Specifically, Tuomenoksa teaches that 

The additional processor receives information indicating consent on behalf 
of the first processor to enabling a tunnel between the first processor and 
the second processor and information indicating consent on behalf of the 
second processor to enabling a tunnel between the second processor and 
the first processor. The additional processor determines a first virtual 
address for the first processor and a second virtual address for the second 
processor such that the first and second virtual addresses uniquely identify 
the first and second processors, respectively, and are routable through the 
network. The additional processor provides to each of the first and second 
processors the first and second virtual addresses to enable one or more 
tunnels between the first and the second processors, thus enabling one or 
more networks between the first and second processors. 

Tuomenoksa col. 3, lines 44-59. 

In addition, claims 28 and 32 recite "the connection request causing the second 
computing device to wait on the communication channel for additional requests from the first 
computing device". Tuomenoksa does not disclose "the connection request causing the second 
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computing device to wait on the communication channel for additional requests from the first 
computing device". 

Further, claim 28 recites "forwarding to the first computing device via the communication 
channel incoming data units received by the network device over the second network, the 
incoming data units specifying the network device as a destination", and claim 32 recites 
forwarding to the first computing device via the communication channel incoming data units 
received by the specified network interface over the second network, the incoming data units 
specifying the network device as a destination". The Examiner admits that Tuomenoksa does 
not disclose that the incoming data units that are forwarded to the first computing device specify 
the network device of the second computing device as a destination. (Final Office Action, p. 7) 
But the Examiner asserts that this is taught by Aysan. 

The Examiner states that it would have been obvious to combine the teachings of 
Tuomenoksa and Aysan to solve the problem of too many tunnels sharing actual or virtual 
addresses. However, there is no such problem discussed in either Tuomenoksa or Aysan. 
Moreover, the teaching of Aysan do not solve any such problem. Assuming in arguendo there 
was such a problem, the problem of too many tunnels sharing actual or virtual addresses is not 
cured by teaching that a tunnel endpoint has two addresses, one private and one public, and that a 
table lookup of the public address is done to obtain the private address and another table lookup 
is done to obtain a destination address as taught in the cited portions of Aysan. Aysan col. 7, 
lines 48-54 and col. 8, lines 28-49. 

As set forth in this section, the combination of Tuomenoksa, Aysan and Archaya fails to 
disclose all of the limitations recited in claims 28 and 32. Therefore, claims 28 and 32 are 
patentable over Tuomenoksa. 

Moreover, all claims depending on independent claims 28 and 32 are patentable over the 
combination of Tuomenoksa and Archaya by virtue of their dependency on the independent 
claims. 
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Disclaimers Relating to Claim Interpretation and Prosecution History Estoppel 

The claims of this application are intended to stand on their own and are not to be read in 
light of the prosecution history of any related or unrelated patent or patent application. 
Furthermore, no arguments in any prosecution history relate to any claim in this application, 
except for arguments specifically directed to the claim. 


It is submitted, however, that the independent and dependent claims include other 
significant and substantial recitations which are not disclosed in the cited references. Thus, the 
claims are also patentable for additional reasons. However, for economy the additional grounds 
for patentability are not set forth here. 

In view of all of the above, it is respectfully submitted that the present application is now 
in condition for allowance. Reconsideration and reexamination are respectfully requested and 
allowance at an early date is solicited. 

The Examiner is invited to call the undersigned to answer any questions or to discuss 
steps necessary for placing the application in condition for allowance. 


SoCal IP Law Group LLP 
310 N. Westlake Blvd., Suite 120 
Westlake Village, CA 91362 
Telephone: 805/230-1350 x240 
Facsimile: 805/230-1355 
email: mgoldstein@socalip.com 


Conclusion 


Respectfully submitted, 


Date: December 30, 2008 



Mark A. Goldstein 
Reg. No. 50,759 
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